SSH Misc

ciphers

To reduce encryption overhead, e.g. when pushing/pulling backups through your own networks,
set a weak (insecure) but fast encryption cipher, e.g.:
(OpenSSH 7.6 and later no longer support the arcfour and blowfish ciphers.)

-c arcfour 

which had the best test results, at about 10 MB/s transfer rate, or

-c blowfish

which results in about 9.5 MB/s transfer rate,
also good.

ssh-keygen

Change the passphrase of a private key

ssh-keygen -p -f id_rsa

.ssh/authorized_keys

Prefix your authorized_keys line with command="..." to allow ONLY this specific command to be run with that key (the entry must be a single line in the file; it is wrapped here):

command="/usr/bin/AllowedCommand" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQE
A06ssYDmr5eWxbp+piT4vyPBO3qYsk9ZsagAgZ4ygmGQzSZr9yxaZSkUFFXJvkwZuRVPI
U5UITBi3Whvh2y5Ajm91+M5qKwXeakrJ49GlsyuLfzYr7onttfP0cleLQuLLrf5Pxly1g
yaDMN2esPDkngl/XplvaWJQDmQAAQmgMzYig+J+xGHESU9IomUHSZ/oju5xiFVVA+gLMg
6BWPnYDA2zwGLuYZmeRdw+qJN4Mg6jiD5XQPqBVSI+zlcyFbaAz2EVlLEIRmx1nPOtVb/
SdxNr7VEYkted6WDXmm6KYMvnzWtJCe8mdIgNhCKd4pFKniJNUUhtK7GFiaF3/agJyQ==
 root@Nagios
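
The command= restriction above, extended into an allow-list gate as an added example (not code from the original page): sshd runs the forced command instead of the client's request and exposes that request in SSH_ORIGINAL_COMMAND, so one key can be allowed a few fixed commands. The script path /usr/local/bin/ssh-gate, the Nagios plugin directory, the two check commands and the GATE_DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example: forced-command gate (hypothetical path /usr/local/bin/ssh-gate).
# authorized_keys entry, on one line ("restrict" needs OpenSSH 7.2 or later):
#   command="/usr/local/bin/ssh-gate",restrict ssh-rsa AAAA...key... root@Nagios
# sshd runs this script for every session with that key; what the client
# actually asked for is only available in SSH_ORIGINAL_COMMAND.

PLUGIN_DIR=/usr/lib/nagios/plugins   # assumed plugin location

deny() {
    # Record the refused request; logger may be missing on minimal systems.
    logger -t ssh-gate -- "denied: $1" 2>/dev/null || true
    echo "ssh-gate: request not permitted" >&2
    return 1
}

# gate REQUEST: map a client request to one fixed argv, or refuse it.
gate() {
    req=$1
    case $req in
        check_load)
            set -- "$PLUGIN_DIR/check_load" -w 5,4,3 -c 10,8,6 ;;
        "check_disk "/*)
            path=${req#check_disk }
            # Path argument: plain characters only, no "..", no extra words.
            case $path in
                *[!A-Za-z0-9_/.-]*|*..*) deny "$req"; return 1 ;;
            esac
            set -- "$PLUGIN_DIR/check_disk" -w 10% -c 5% -p "$path" ;;
        *)
            # Includes the empty request, i.e. an interactive login attempt.
            deny "$req"; return 1 ;;
    esac
    if [ -n "${GATE_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"      # show the argv instead of running it
    else
        exec "$@"               # no shell re-parses the client's text
    fi
}

# Only act when started by sshd, which always sets SSH_CONNECTION.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate "${SSH_ORIGINAL_COMMAND:-}"
fi
```

Without "restrict" (or the older no-port-forwarding, no-pty and similar options) a key limited by command= can still request port forwarding.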

sshfs

sshfs -o reconnect -o sshfs_sync [-o IdentityFile=/path/to/.ssh/id_rsa] root@BACKUPHOST:/backups/thor /path/to/mountpoint

SSH Tunneling

Socks Proxy

ssh enables me to simply create an ssh tunnel which provides a SOCKS proxy.
This is really simple!
SSH protocol version 2 is needed, but should be preferred anyway… 😉

ssh [-f] -N -D[ip:]1080 <username>@my.sshenabled.really.huge.bandwith.connected.host.tld

where:

  • -f runs ssh in the background; otherwise ssh runs in the foreground…
  • -N tells ssh not to execute a remote command on the destination host
  • -D specifies the port to use on the local host (1080)
    • if you do not specify an IP of your local system, localhost (127.0.0.1) is used…
    • keep in mind that you need to be root to allocate well-known ports (below 1024)


.ssh/config:

DynamicForward 127.0.0.1:1080

or

Host proxy
        Hostname 10.21.22.23
        User <user>
        Protocol 2
        DynamicForward 4711

now do:

ssh proxy

and then:

ssh -o ProxyCommand="/usr/bin/nc --proxy 127.0.0.1:4711 --proxy-type socks4 %h %p" ws01.domain.tld -l root

Local forward

Example:
=========
thor@asgard$
ssh -L 10.10.11.254:3389:192.168.102.50:3389 -f -N root@213.221.106.43

~/.ssh/config:
--------------
LocalForward 10.10.11.254:3389 192.168.102.50:3389


general syntax:
===============
ssh -L [local_host:]local_port:dst_host:dst_port -f -N user@ssh_host


asgard              firewall (ext)        ssh_host (firewall internal)
10.10.11.254 ---> 213.221.106.43:22 ---> 192.168.102.40:22
                                                |
                                                |
                                               3389
                                                |
                                                |
                                                v
                                         192.168.102.50 (win) 
                                             dst_host

Remote Forward

The remote ssh server opens port 127.0.0.1:8000, which gets forwarded back to my system 10.10.11.254:80:

ssh -R 127.0.0.1:8000:10.10.11.254:80 213.221.106.43

~/.ssh/config:

RemoteForward 127.0.0.1:8000 10.10.11.254:80
